From 1419dff7d8a9ba272f939cd2941f1ac6e56e3ac8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Kohlschu=CC=88tter?=
 <christian@kohlschutter.com>
Date: Fri, 14 Oct 2022 22:28:05 +0200
Subject: [PATCH] junixsocket-demo: Bump protobuf-java version

mysql-connector-java depends on an outdated protobuf-java artifact
(3.19.4) that has a security issue.

Bump protobuf-java to 3.19.6.

https://ossindex.sonatype.org/vulnerability/CVE-2022-3171?component-type=maven&component-name=com.google.protobuf%2Fprotobuf-java&utm_source=ossindex-client&utm_medium=integration&utm_content=1.7.0
---
 junixsocket-demo/pom.xml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/junixsocket-demo/pom.xml b/junixsocket-demo/pom.xml
index 04abcd59e..154dc5c78 100644
--- a/junixsocket-demo/pom.xml
+++ b/junixsocket-demo/pom.xml
@@ -50,6 +50,19 @@
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
             <version>8.0.30</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.google.protobuf</groupId>
+                    <artifactId>protobuf-java</artifactId>
+                    <!-- CVE-2022-3171: 3.19.4 -->
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <!-- CVE-2022-3171: replace 3.19.4 (dependency of mysql-connector-java) -->
+            <groupId>com.google.protobuf</groupId>
+            <artifactId>protobuf-java</artifactId>
+            <version>3.19.6</version>
         </dependency>
         <dependency>
             <!-- NOTE: Due to this dependency, maven-project-info-reports-plugin